[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2215: mitigate heartbleed vulnerability
Tahoe-LAFS
trac at tahoe-lafs.org
Fri May 6 16:16:53 UTC 2016
#2215: mitigate heartbleed vulnerability
-------------------------------------+-------------------------------------
Reporter: daira | Owner: daira
Type: defect | Status: closed
Priority: major | Milestone: 1.12.0
Component: code | Version: 1.10.0
Resolution: somebody else's | Keywords: security integrity
problem | confidentiality capleak pyopenssl
Launchpad Bug: | cffi packaging manual-test-needed
-------------------------------------+-------------------------------------
Changes (by warner):
* status: assigned => closed
* resolution: => somebody else's problem
Comment:
Talking with marlowe today, we decided to WONTFIX this. If somebody has a
clever talk-to-myself-and-discover-if-I'm-vulnerable tool, we can include
it, but absent that, I think our best option is to mention heartbleed in
the docs and tell folks that they need to upgrade their platform to have
it fixed. Most linux distributions have fixed it by now, so it should
really only be an issue for very old distributions, on which Tahoe is
unlikely to run anyways.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2215#comment:27>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list